I am trying to set up a Matrix server using GitHub - spantaleev/matrix-docker-ansible-deploy: Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
I've tried on both Google Cloud and Amazon EC2 VMs, using various flavors of Linux.
My DNS is managed via Dreamhost, where my domain ___.com already has a Let's Encrypt certificate. I've added DNS records (A and CNAME) for matrix.___.com and element.___.com and so forth as described at matrix-docker-ansible-deploy/configuring-dns.md at master · spantaleev/matrix-docker-ansible-deploy · GitHub
But the playbook keeps failing with this:
```
TASK [matrix-nginx-proxy : Attempt initial SSL certificate retrieval with standalone authenticator (directly)] *****************************************************************
fatal: [matrix.___.com]: FAILED! => changed=true
  cmd: /usr/bin/env docker run --rm --name=matrix-certbot --user=999:1001 --cap-drop=ALL -p 80:8080 --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt --mount type=bind,src=/matrix/ssl/log,dst=/var/log/letsencrypt docker.io/certbot/certbot:amd64-v1.21.0 certonly --non-interactive --work-dir=/tmp --http-01-port 8080 --standalone --preferred-challenges http --agree-tos --email=zeev@___.com -d ___.com
  delta: '0:00:06.532211'
  end: '2022-01-05 20:30:20.536485'
  msg: non-zero return code
  rc: 1
  start: '2022-01-05 20:30:14.004274'
  stderr: |-
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
  stderr_lines: <omitted>
  stdout: |-
    Requesting a certificate for ___.com
    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: ___.com
      Type:   unauthorized
      Detail: Invalid response from https://www.___.com/.well-known/acme-challenge/Sdwfd5MKLbvjpNQQBUMAVfy10FavlhghJ4B9-urzZ9c [2606:4700:3033::6815:39b7]: "<!DOCTYPE html>\n<html class=\"no-touch\" lang=\"en-US\" xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\""
    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 8080. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
  stdout_lines: <omitted>
...ignoring

TASK [matrix-nginx-proxy : Attempt initial SSL certificate retrieval with standalone authenticator (via proxy)] ****************************************************************
fatal: [matrix.___.com]: FAILED! => changed=true
  cmd: /usr/bin/env docker run --rm --name=matrix-certbot --user=999:1001 --cap-drop=ALL -p 127.0.0.1:2402:8080 --network=matrix --mount type=bind,src=/matrix/ssl/config,dst=/etc/letsencrypt --mount type=bind,src=/matrix/ssl/log,dst=/var/log/letsencrypt docker.io/certbot/certbot:amd64-v1.21.0 certonly --non-interactive --work-dir=/tmp --http-01-port 8080 --standalone --preferred-challenges http --agree-tos --email=zeev@___.com -d ___.com
  delta: '0:00:11.807192'
  end: '2022-01-05 20:30:34.053931'
  msg: non-zero return code
  rc: 1
  start: '2022-01-05 20:30:22.246739'
  stderr: |-
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Some challenges have failed.
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
  stderr_lines: <omitted>
  stdout: |-
    Requesting a certificate for ___.com
    Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
      Domain: ___.com
      Type:   unauthorized
      Detail: Invalid response from https://www.___.com/.well-known/acme-challenge/dgFBTKTOdA7YQHfYg1TFNirmp1hsXTwyyvX65GTeKt8 [2606:4700:3033::6815:39b7]: "<!DOCTYPE html>\n<html class=\"no-touch\" lang=\"en-US\" xmlns=\"http://www.w3.org/1999/xhtml\">\n<head>\n<meta http-equiv=\"Content-Type\""
    Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 8080. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
  stdout_lines: <omitted>
...ignoring
```
Finally it shows:
```
TASK [matrix-nginx-proxy : Fail if all SSL certificate retrieval attempts failed] **********************************************************************************************
fatal: [matrix.___.com]: FAILED! => changed=false
  msg: |-
    Failed to obtain a certificate directly (by listening on port 80)
    and also failed to obtain by relying on the server at port 80 to proxy the request.
    See above for details.
    You may wish to set up proxying of /.well-known/acme-challenge to 2402 or,
    more easily, stop the server on port 80 while this playbook runs.
```
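A pre-flight check for the kind of HTTP-01 failure shown above, added here as an illustration and not part of the playbook or of the original post: it parses certbot's failure report and compares the address the CA actually reached, and the addresses the domain resolves to, against this host's own addresses. The domain example.com, the host addresses and the resolver stub are constructed placeholders; the validation address is the one from the log.

```python
import re
import socket
from typing import Callable, Dict, List, Set
from urllib.parse import urlparse

# Constructed sample shaped like the "Domain/Type/Detail" block certbot printed
# (placeholder domain; the answering address is the one reported in the log above).
SAMPLE_OUTPUT = """Domain: example.com
Type: unauthorized
Detail: Invalid response from https://www.example.com/.well-known/acme-challenge/Sdwfd5MKLbvjpNQQBUMAVfy10FavlhghJ4B9-urzZ9c [2606:4700:3033::6815:39b7]: "<!DOCTYPE html>"
"""

FAILURE_RE = re.compile(
    r"Domain:\s*(?P<domain>\S+)\s+Type:\s*(?P<type>\S+)\s+"
    r"Detail:\s*Invalid response from (?P<url>\S+) \[(?P<ip>[^\]]+)\]")


def parse_failures(output: str) -> List[Dict[str, str]]:
    """Pull (domain, type, fetched URL, answering IP) out of certbot's failure report."""
    return [m.groupdict() for m in FAILURE_RE.finditer(output)]


def resolve(name: str) -> Set[str]:
    """All A and AAAA answers for name, i.e. what the CA's resolver will see too."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def explain(failure: Dict[str, str], host_addrs: Set[str],
            resolver: Callable[[str], Set[str]] = resolve) -> List[str]:
    """List the reasons an HTTP-01 validation for failure['domain'] never reached this host."""
    findings = []
    domain = failure["domain"]
    fetched_host = urlparse(failure["url"]).hostname
    if fetched_host != domain:
        # The CA followed a redirect: some other server answered for the apex and sent it on.
        findings.append(f"{domain} redirected the CA to {fetched_host}; the redirecting server, not this host, answers for {domain}")
    if failure["ip"] not in host_addrs:
        findings.append(f"the CA read the challenge from {failure['ip']}, which is not one of this host's addresses")
    answers = resolver(domain)
    if not answers:
        findings.append(f"{domain} does not resolve")
    elif not answers & host_addrs:
        findings.append(f"{domain} resolves to {sorted(answers)}, none of which is this host; fix the A/AAAA record or drop the domain from the certificate request")
    return findings
```

An empty list from `explain` means the only remaining suspects are a firewall or security group blocking inbound port 80, or another service already bound to it on the host.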